In this chapter:
This chapter outlines the SDL-mandated security-related tools to be used during the development and testing processes. We focus on tools that are publicly available from Microsoft developer Web sites (such as MSDN) and Microsoft Visual Studio 2005.
At a minimum, the following tools are required during the development process:
PREfast (Microsoft 2005)
FxCop (GotDotNet 2006a)
Application Verifier (Microsoft 2003)
Minimum compiler and build tool versions
Let’s look at each tool in more detail.
A product of Microsoft Research, PREfast is a static analysis tool used to detect coding defects in C and C++ code. A subset of these defects is security bugs. PREfast ...